Cyber Briefing: 2023.12.06. 👉 What’s trending in cybersecurity… | by CyberMaterial | Dec, 2023 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

👉 What’s trending in cybersecurity today?

iPhone Attack, NFT Collections, Russia’s AI Disinfo Campaigns, Qualcomm Chip Vulnerabilities, Google Play, SpyLoan Scam, HTC Global, North Korea, South Korea, Pan-American Life Insurance Group, Team Network Nine, Bangladesh, Kali Linux 2023.4, ENISA, REAL ID, TSA.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.

1. Deceptive iPhone Lockdown Mode Bypass

A novel post-exploitation tampering technique can deceive iPhone users by creating a fake Lockdown Mode, even if the device is compromised. Researchers demonstrated how a trojan could manipulate Lockdown Mode, providing users with a false sense of security. By hooking functions triggered upon activation, the attacker can create a fake Lockdown Mode and initiate a userspace reboot. This allows malware to persistently spy on users even after a reboot. The technique exploits the separation of user interface and implementation reality in widely publicized security features like Lockdown Mode, highlighting the evolving threat landscape and the need for heightened user awareness.

2. NFT Collections at Risk for Library Flaw

A Web3 open-source library vulnerability affects pre-built smart contracts, impacting NFT collections like Coinbase. Discovered by Thirdweb on Nov 20, the flaw prompted immediate remediation. Thirdweb didn’t disclose specifics to prevent attacks but notified maintainers and shared details with affected protocols. Smart contracts impacted include those for airdrops, marketplaces, and tokens. Users, upset by the lack of transparency, requested details and CVE identifiers. Mitigation advice involves locking vulnerable contracts, taking snapshots, and migrating to non-vulnerable versions. Major NFT platforms, including Coinbase NFT, OpenSea, and Mocaverse, respond by taking measures to secure assets and assist affected users.

3. AI Disinfo Targets Ukraine, U.S., Germany

Doppelganger, a Russia-linked influence operation, utilizes inauthentic news sites and social media to target Ukraine, the U.S., and Germany. Meta describes it as the “largest and most aggressively-persistent Russian-origin operation,” spreading anti-Ukrainian propaganda since February 2022. The campaigns aim to undermine Ukraine, propagate anti-LGBTQ+ sentiment, question U.S. military competence, and highlight Germany’s social and economic issues. Doppelganger employs advanced obfuscation techniques, brandjacking, and likely generative AI for disinformation. While the U.S. and German campaigns use inauthentic media outlets, their actual reach and engagement appear limited. Meta disrupts covert influence operations from China and Russia.

4. Qualcomm Security Exploits Unveiled

Qualcomm discloses exploited chip vulnerabilities with Google Project Zero identifying limited, targeted attacks. The flaws involve memory corruption in DSP Services and Graphics, enabling remote execution. Google’s TAG researchers and security experts reported the vulnerabilities. U.S. CISA adds them to its Known Exploited Vulnerabilities catalog, setting a patch deadline for federal agencies. Simultaneously, Google releases Android security updates addressing 85 flaws, including a critical impacting the System component with the potential for remote code execution without user interaction.

5. Google Play SpyLoan Scam Unveiled

Malicious SpyLoan apps, disguised as loan services, infiltrated Google Play, amassing over 12 million downloads. These Android threats steal extensive personal data, including account details and location information, deceiving users with promises of quick loans. After trapping victims into high-interest payments, the threat actors blackmail them for money. Despite Google’s removal of 17 SpyLoan apps, one persists with altered permissions. These fraudulent apps bypass Google Play’s defenses by posing as legitimate services with compliant policies. SpyLoan’s distribution has risen globally, with Mexico, India, and Thailand facing higher detection rates. Users are advised to rely on trusted financial institutions.

6. HTC Global Services Cyber Attack Confirmed

IT service firm HTC Global Services confirms a cyberattack after ALPHV ransomware leaks stolen data, including passports and emails. The company, known for services in healthcare, automotive, and finance, is actively investigating the breach. Speculation suggests the Citrix Bleed vulnerability may have been exploited for initial access. ALPHV, a ransomware group linked to DarkSide and BlackMatter, targets global enterprises and adapts tactics, recently attacking an electricity provider and hospital network in the US. Increased scrutiny on such attacks, especially on critical infrastructure, is anticipated.

7. WALA Exposes 25GB Pet Owners’ Data

The Worldwide Australian Labradoodle Association (WALA) inadvertently exposed 25GB of pet owners’ data, including names, addresses, phone numbers, email addresses, dog microchip numbers, and medical-related information. The breach resulted from a cloud server misconfiguration, affecting over 56,000 documents. Cybersecurity researcher Jeremiah Fowler discovered the incident, highlighting potential risks such as pet tracking, insurance fraud, identity theft, and other security threats. WALA’s global customer base raises concerns about the widespread impact. Affected individuals are urged to monitor financial accounts, exercise caution with communications, and enhance security measures to address the fallout from the data exposure.

8. Cyber Theft by Andariel in South Korea

North Korean hacker group Andariel, accused by Seoul police, stole 1.2TB of sensitive defense data, including details on advanced anti-aircraft weapons, from South Korean defense companies. The hackers laundered ransomware proceeds back to North Korea, extorting a total of $357,000 in bitcoin, and operated through rented servers, targeting 83 connections to organizations, with some unaware of the breaches; police seized servers and virtual asset exchanges, arresting a money transfer account owner.

9. Data Breach in Pan-American insurance

Pan-American Life Insurance Group (PALIG) has reported a data security incident related to Progress Software’s MOVEit Transfer software. Exploiting a zero-day vulnerability, unauthorized third parties accessed personal information, including names, addresses, social security numbers, and financial data. PALIG has ceased using MOVEit Transfer, applied security patches, and engaged cyber experts for an investigation, assuring affected individuals that there is no evidence of misuse for fraudulent purposes.

10. SPARRSO Hit by Team Network Nine

Hacktivist group Team Network Nine claims responsibility for a cyberattack on Bangladesh’s SPARRSO, causing a one-hour downtime. The alleged distributed denial-of-service (DDoS) attack rendered SPARRSO’s website inaccessible, with screenshots shared on Telegram. The incident raises concerns about cybersecurity measures in Bangladesh, following recent precautions by the central bank amid alerts of potential cyber threats. The collaborative efforts of hacktivist groups underscore the need for robust mitigation techniques against cyber threats in the country. The HTTP Error 500 on SPARRSO’s site can result from various cyberattacks, posing serious threats to normal operations and critical files.

11. Kali Linux 2023.4 Released

Kali Linux 2023.4, the final release of 2023, introduces GNOME 45 and 15 new tools for ethical hackers and cybersecurity professionals. The update focuses on enhancing the distro’s capabilities with tools for penetration testing, security audits, and research against networks. Additionally, Kali Linux now supports Edeployments on Amazon AWS, Microsoft Azure, Hyper-V using Vagrant, and offers a dedicated image for Raspberry Pi 5, expanding its accessibility and deployment options.

12. ENISA reports Threat of Landscape DoS Attack

ENISA’s report on DoS attacks highlights persistent security risks, with threat actors using cost-effective means. Global conflicts fuel waves of DoS attacks, primarily targeting government services for political retaliation. The report spans January 2022 to August 2023, analyzing 310 verified DoS incidents. Public administration is the most affected sector (46%), with 66% of attacks politically motivated. Amid the Russian-Ukraine conflict, 50% of incidents are linked. Notably, 56.8% of attacks caused total disruption, emphasizing the need for preparedness against DoS attacks in the evolving cyber warfare landscape.

13. Experts Push NIST for Digital ID Standards

Identity management experts advise Congress to assign NIST a central role in developing digital identity standards for REAL ID compliance by May 2025. The REAL ID Act requires domestic air travelers to present compliant IDs, but only 52% of U.S. citizens possess them. Lawmakers are urged to leverage NIST’s capabilities, avoiding delays from foreign entities and fostering nationwide compliance. Jeremy Grant suggests a one-year effort led by NIST to create standards and guidance for secure mobile driver’s licenses, emphasizing NIST’s expertise in digital identity and privacy engineering.

14. TSA Envisions AI-Driven Travel Future

The Transportation Security Administration (TSA) plans to integrate artificial intelligence (AI) across its operations, leveraging cloud computing to enhance passenger screening and threat detection processes. Kristin Ruiz, Deputy CIO of the TSA, highlighted AI’s potential in refining baggage scanning with image recognition and improving training through generative AI and simulation technologies. The TSA’s use of AI includes facial recognition and machine learning for object detection in screening processes. The agency envisions a future where AI streamlines verification processes, enhances security, and provides a seamless, contactless experience for travelers.

15. Ofcom Guides Porn Age Checks

Ofcom, the UK’s communications regulator, released guidance on age verification for porn sites under the Online Safety Act (2023). The rules aim to prevent underage access to adult content, and non-compliant websites could be blocked by internet service providers. Penalties for businesses failing to comply include fines up to £18 million ($22.3 million) or 10% of their global turnover. Acceptable age verification methods include photo ID matching, credit card checks, and digital identity wallet technologies, but privacy concerns have been raised by civil liberties groups regarding potential breaches and misuse of sensitive personal data.

Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.


Click Here For The Original Source.

National Cyber Security